Lucene search
+L
AppleIcloud

449 matches found

CVE
CVE
added 2020/12/08 9:11 p.m.2160 views

CVE-2020-27918

CVE-2020-27918 is a use-after-free vulnerability in WebKitGTK/WebKit where processing maliciously crafted web content may lead to arbitrary code execution. The issue is documented across multiple advisories and is fixed upstream in WebKitGTK/WebKit version 2.30.6 (and corresponding package update...

7.8CVSS8.6AI score0.01361EPSS
CVE
CVE
added 2021/03/26 8:48 p.m.1343 views

CVE-2020-7463

CVE-2020-7463 is a FreeBSD kernel use-after-free vulnerability caused by improper handling of large user messages from multiple threads on the same SCTP socket. Affected: FreeBSD 12.1-STABLE before r364644, 11.4-STABLE before r364651, 12.1-RELEASE before p9, 11.4-RELEASE before p3, and 11.3-RELEA...

5.5CVSS5.8AI score0.00399EPSS
CVE
CVE
added 2019/12/18 5:33 p.m.1259 views

CVE-2019-8506

CVE-2019-8506 is a type-confusion memory issue that affects WebKit components and was fixed in multiple Apple platforms (iOS 12.2, tvOS 12.2, watchOS 5.2, Safari 12.1, iTunes/Windows, iCloud for Windows 7.11) and WebKitGTK/WebKitGTK+ up to 2.28.x. The vulnerability can allow arbitrary code execut...

9.3CVSS8.6AI score0.18108EPSS
In wild
CVE
CVE
added 2020/12/08 8:13 p.m.1104 views

CVE-2020-27932

CVE-2020-27932 is a kernel-type-confusion issue in Apple’s XNU (mach turnstiles) that could allow a malicious app to execute code with kernel privileges. Connected sources confirm the root cause as a type confusion in kernel IPC machinery and note exploitation in-the-wild only in a macOS/iOS/macO...

9.3CVSS7.2AI score0.10337EPSS
In wild
CVE
CVE
added 2020/06/27 11:39 a.m.594 views

CVE-2020-15358

CVE-2020-15358 (SQLite) affects the SQLite library, specifically the query engine path in select.c where the query-flattener optimization mishandles constant propagation for multiSelectOrderBy. The root cause is a mishandling of transitive properties during constant propagation, leading to a heap...

5.5CVSS6.8AI score0.01027EPSS
CVE
CVE
added 2020/06/09 4:7 p.m.550 views

CVE-2020-9802

CVE-2020-9802 is a memory-related/logic issue in WebKit-based components where processing maliciously crafted web content may lead to arbitrary code execution. The initial Apple advisory links the vulnerability to multiple products and states that the issue is fixed in Apple iOS 13.5 and iPadOS 1...

8.8CVSS8.9AI score0.08207EPSS
CVE
CVE
added 2020/05/24 9:55 p.m.507 views

CVE-2020-13434

SQLite through 3.32.0 has an integer overflow in sqlite3_str_vappendf in printf.c (CVE-2020-13434). Affected versions are up to 3.32.0; remediation is to update to SQLite 3.32.3. This fix is reflected in multiple advisories (e.g., Apple iOS/macOS security content HT211850/HT211935 noting SQLite u...

5.5CVSS6.8AI score0.01013EPSS
CVE
CVE
added 2020/05/27 2:42 p.m.390 views

CVE-2020-13630

CVE-2020-13630 affects SQLite prior to 3.32.0, with a use-after-free in ext/fts3/fts3.c (fts3EvalNextRow) related to the snippet feature. Multiple connected advisories (Astra Linux, BSA, AlmaLinux) confirm the issue in SQLite and reference the same function/file. The provided sources do not quant...

7CVSS7.5AI score0.0103EPSS
CVE
CVE
added 2020/05/27 2:42 p.m.389 views

CVE-2020-13631

CVE-2020-13631 affects SQLite up to version 3.32.0, where a vulnerability allows renaming a virtual table to the name of one of its shadow tables (related to alter.c and build.c). Connected advisories confirm the issue in SQLite prior to 3.32.0 and note the remediation is to upgrade SQLite to 3.3...

5.5CVSS6.7AI score0.0062EPSS
CVE
CVE
added 2020/02/27 8:45 p.m.359 views

CVE-2020-3868

CVE-2020-3868 involves multiple memory corruption issues that are fixed by improved memory handling. The public advisories indicate the vulnerability could allow arbitrary code execution when processing malicious web content. The documented fixes show updates across Apple platforms: iOS 13.3.1 an...

9.3CVSS8.6AI score0.027EPSS
CVE
CVE
added 2020/10/16 4:56 p.m.347 views

CVE-2020-9983

CVE-2020-9983 is a WebKit-related out-of-bounds write vulnerability addressed by multiple vendors. Apple security entries show CVE-2020-9983 as part of the WebKit set fixed in iOS/tvOS/watchOS/macOS updates, with impact noted as arbitrary code execution when processing malicious web content. Fedo...

8.8CVSS7.8AI score0.02083EPSS
CVE
CVE
added 2021/09/08 2:55 p.m.344 views

CVE-2021-1825

CVE-2021-1825 is a WebKit/WebKit-related input validation issue that could enable cross-site scripting when processing malicious web content. Apple’s security content for Safari 14.1 and related WebKit components lists this CVE under WebKit’s input validation and notes it is fixed in Safari 14.1 ...

6.1CVSS6.4AI score0.01358EPSS
CVE
CVE
added 2020/06/09 4:6 p.m.340 views

CVE-2020-9805

CVE-2020-9805 is a WebKit/Web content handling issue reported by an anonymous researcher, fixed in Apple platforms. The connected Apple security entries show a logic issue in WebKit that could lead to universal cross-site scripting when processing maliciously crafted web content. Apple patch refe...

7.1CVSS7AI score0.01128EPSS
CVE
CVE
added 2020/04/01 5:49 p.m.333 views

CVE-2020-3899

CVE-2020-3899 affects WebKitGTK/WebKit2GTK (webkitgtk4) up to upstream 2.28.2. A memory consumption issue may allow a remote attacker to execute arbitrary code via crafted web content. Public advisories confirm upgrade requirements: Arch Linux ASA-202004-23 (webkit2gtk before 2.28.2-1), Debian DS...

9.3CVSS8.5AI score0.04017EPSS
CVE
CVE
added 2019/12/18 5:33 p.m.331 views

CVE-2019-8820

CVE-2019-8820 is a WebKit vulnerability described as multiple memory corruption issues that could allow arbitrary code execution when processing malicious web content. The connected notes confirm the issue is present in WebKit components and was fixed in a range of Apple platforms/releases: iOS 1...

8.8CVSS8.6AI score0.09543EPSS
CVE
CVE
added 2019/04/03 5:50 p.m.330 views

CVE-2018-20506

CVE-2018-20506 concerns SQLite before 3.25.3 when FTS3 is enabled. The vulnerability is an integer overflow (leading to a buffer overflow) in an FTS3 merge operation after crafted changes to FTS3 shadow tables, enabling a remote attacker to execute arbitrary SQL statements (e.g., via WebSQL use c...

8.1CVSS8.4AI score0.07565EPSS
CVE
CVE
added 2019/07/01 1:27 a.m.326 views

CVE-2019-13118

CVE-2019-13118 affects libxslt 1.1.33, where a too-narrow type holding grouping characters in xsl:number can pass an invalid character/length to xsltNumberFormatDecimal, causing a read of uninitialized stack data (stack overflow vulnerability). Connected Apple advisories (HT210351, HT210346, HT21...

5.3CVSS6.1AI score0.05147EPSS
CVE
CVE
added 2020/06/09 4:7 p.m.324 views

CVE-2020-9806

CVE-2020-9806 is a WebKit memory-corruption defect reported in multiple Apple security advisories. The issue affects WebKit components underlying Safari and system web content handling, with impact described as arbitrary code execution when processing maliciously crafted web content. Remediation ...

8.8CVSS9.1AI score0.01731EPSS
CVE
CVE
added 2020/06/09 4:18 p.m.322 views

CVE-2020-9850

CVE-2020-9850 is a WebKit logic issue that allowed arbitrary code execution in affected Apple products (iOS 13.5, iPadOS 13.5, tvOS 13.4.5, watchOS 6.2.5, Safari 13.1.1, iTunes/iCloud Windows) and upstream WebKit/WebKitGTK. The issue was fixed in WebKit/WebKitGTK versions released around 2020 (Ap...

9.8CVSS8.8AI score0.77246EPSS
CVE
CVE
added 2020/06/09 4:6 p.m.321 views

CVE-2020-9803

CVE-2020-9803 is a memory corruption flaw disclosed as affecting processing of malicious web content, leading to arbitrary code execution. The Connected documents confirm it is addressed by an upstream WebKit fix and by Apple platform updates. Specifically: Apple pages (iOS 13.5/iPadOS 13.5, tvOS...

8.8CVSS9.2AI score0.01785EPSS
CVE
CVE
added 2020/10/16 4:53 p.m.320 views

CVE-2020-9951

CVE-2020-9951 is a WebKit use-after-free vulnerability in Safari (WebKit GTK also mirrors related WebKit issues). Exploitation requires a victim to visit a specially crafted web site, potentially enabling arbitrary code execution on affected Apple platforms. The issue is addressed in Safari/WebKi...

8.8CVSS8.2AI score0.02333EPSS
CVE
CVE
added 2020/10/16 4:49 p.m.315 views

CVE-2020-9925

CVE-2020-9925 concerns a logic issue in WebKit that affects Safari/WebKit components across Apple platforms. The vulnerability could allow universal cross-site scripting when processing malicious web content. Apple patched this by updating to iOS 13.6/iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safa...

6.1CVSS6.4AI score0.01135EPSS
CVE
CVE
added 2020/10/27 8:7 p.m.314 views

CVE-2019-8846

CVE-2019-8846 is a use-after-free vulnerability in WebKit-related components that can lead to arbitrary code execution when handling malicious web content. The issue was addressed with improved memory management and is fixed in several Apple platforms: tvOS 13.3, iOS/iPadOS 13.3, Safari 13.0.4, a...

9.3CVSS8.3AI score0.02238EPSS
CVE
CVE
added 2020/02/27 8:45 p.m.314 views

CVE-2020-3867

CVE-2020-3867 is a WebKitGTK/WebKit vulnerability categorized as a logic issue in state management that could enable universal cross-site scripting when processing malicious web content. According to the documents, the issue affects WebKitGTK/WebKit components (notably webkitgtk4) and was fixed i...

6.1CVSS6.2AI score0.01386EPSS
CVE
CVE
added 2019/12/18 5:33 p.m.313 views

CVE-2019-8690

CVE-2019-8690 is a WebKit/WebKitGTK4 logic issue where document load handling could lead to universal cross-site scripting. The vulnerability is addressed by a state-management fix and is fixed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, and corresponding WebKitGTK/WebKit compone...

6.1CVSS6.1AI score0.04541EPSS
CVE
CVE
added 2020/06/09 4:18 p.m.311 views

CVE-2020-9843

CVE-2020-9843 is a WebKit/WebKitGTK issue described as an input validation weakness that may lead to cross-site scripting when processing malicious web content. The vulnerability is documented across multiple platforms: Apple: WebKit-related entries in iOS 13.5/iPadOS 13.5/watchOS 6.2.5/Safari 13...

7.1CVSS6.9AI score0.01083EPSS
CVE
CVE
added 2020/10/16 4:40 p.m.308 views

CVE-2020-9894

CVE-2020-9894 affects WebKit in Windows 10+ (via Microsoft Store) with an out-of-bounds read addressed by improved input validation. Impact: remote termination or arbitrary code execution. Remediation: apply the relevant Apple/Safari security updates (Safari 13.1.2; iOS 13.6/iPadOS 13.6; Safari m...

4.3CVSS6.7AI score0.02686EPSS
CVE
CVE
added 2020/10/16 4:40 p.m.308 views

CVE-2020-9895

CVE-2020-9895 is a use-after-free in memory management that Apple fixed across multiple platforms. Fixed in iOS 13.6, iPadOS 13.6, tvOS 13.4.8, watchOS 6.2.8, Safari 13.1.2, iTunes 12.10.8 for Windows, and iCloud for Windows 11.3/7.20. The issue could allow remote code execution or cause arbitrar...

9.8CVSS9.1AI score0.04316EPSS
CVE
CVE
added 2020/10/16 4:47 p.m.308 views

CVE-2020-9915

CVE-2020-9915 is an access issue in WebKit related to Content Security Policy enforcement. The description notes that processing malicious web content may prevent CSP from being enforced. Public details in connected Apple advisories show the vulnerability affecting WebKit components and being mit...

6.5CVSS6.8AI score0.01444EPSS
CVE
CVE
added 2020/10/16 4:32 p.m.307 views

CVE-2020-9862

The CVE-2020-9862 entry concerns a command injection vulnerability in Web Inspector (WebKit Web Inspector). The root cause is inadequate escaping when copying a URL from Web Inspector, enabling a potential command injection path. Affected components: Web Inspector/WebKit implementations used in A...

7.8CVSS8AI score0.01757EPSS
CVE
CVE
added 2019/12/18 5:33 p.m.306 views

CVE-2019-8766

CVE-2019-8766 is a memory-corruption family entry observed across multiple products. Public references show the issue being addressed by memory-management fixes that mitigate arbitrary-code execution when processing malicious web content. Reported fixes appear in watchOS 6.1 and iCloud for Window...

8.8CVSS8.9AI score0.0172EPSS
CVE
CVE
added 2019/12/18 5:33 p.m.301 views

CVE-2019-8819

CVE-2019-8819 is a WebKit/WebKit-related memory corruption issue that could be triggered by processing malicious web content, potentially enabling arbitrary code execution. The initial entry notes a fix in iOS 13.2/iPadOS 13.2, tvOS 13.2, Safari 13.0.3, and related Apple components. Connected sou...

8.8CVSS8.6AI score0.0192EPSS
CVE
CVE
added 2020/02/27 8:45 p.m.300 views

CVE-2020-3865

CVE-2020-3865 is a WebKit-related memory-corruption issue that affects WebKit and WebKitGTK/WebKitGTK4 components. The initial entry notes memory corruption issues addressed by improved memory handling and fixes in iOS 13.3.1/iPadOS 13.3.1, tvOS 13.3.1, Safari 13.0.5, and related Windows/macOS co...

8.8CVSS8.6AI score0.01858EPSS
CVE
CVE
added 2019/12/18 5:33 p.m.299 views

CVE-2019-8816

CVE-2019-8816 refers to multiple memory corruption issues in WebKit-related components that could lead to arbitrary code execution when processing malicious web content. Public details indicate fixes across Apple platforms: iOS 13.2 and iPadOS 13.2, tvOS 13.2, watchOS 6.1, Safari 13.0.3, and rele...

9.3CVSS8.6AI score0.02583EPSS
CVE
CVE
added 2019/12/18 5:33 p.m.298 views

CVE-2019-8815

CVE-2019-8815 is a WebKit memory-corruption issue affecting Apple’s WebKit-derived components. It could enable arbitrary code execution after processing malicious web content. Apple tied fixes to iOS 13.2/iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, iCloud for Windows 11.0 (...

9.3CVSS8.6AI score0.02291EPSS
CVE
CVE
added 2019/04/03 5:51 p.m.297 views

CVE-2018-20505

CVE-2018-20505 affects SQLite 3.25.2 and is caused by queries on a table with a malformed PRIMARY KEY, allowing remote attackers to cause an application crash (DoS) by running arbitrary SQL statements (e.g., in WebSQL use cases). Public-connected documents confirm the issue and note related mitig...

7.5CVSS8.2AI score0.06952EPSS
CVE
CVE
added 2019/12/18 5:33 p.m.297 views

CVE-2019-8710

CVE-2019-8710 is a WebKit/WebKitGTK memory‑corruption issue that could allow arbitrary code execution when processing malicious web content. It is fixed in iCloud for Windows 11.0 and in upstream WebKit/WebKitGTK updates (e.g., WebKitGTK 2.28.x series). Remediation: update to affected WebKitGTK/W...

8.8CVSS8.4AI score0.01558EPSS
CVE
CVE
added 2020/10/27 7:55 p.m.296 views

CVE-2019-8844

CVE-2019-8844 is a memory corruption issue reported across Apple/WebKit components. The connected advisory confirms the vulnerability was addressed in tvOS 13.3, iOS/iPadOS 13.3, watchOS 6.1.1, Safari 13.0.4, and related macOS/iCloud/iTunes releases, indicating improved memory handling fixed the ...

9.3CVSS8.6AI score0.02091EPSS
CVE
CVE
added 2019/12/18 5:33 p.m.295 views

CVE-2019-8783

CVE-2019-8783 is a memory corruption issue in WebKit/WebKitGTK3 contexts that Apple docs attribute to multiple memory corruption vulnerabilities resolved in iOS 13.2 / iPadOS 13.2 / macOS Catalina 10.15.x / tvOS 13.2 and Safari 13.0.3. The connected materials also show WebKitGTK/WebKit entries li...

8.8CVSS8.6AI score0.01952EPSS
CVE
CVE
added 2020/04/14 10:41 p.m.295 views

CVE-2020-11763

OpenEXR has a CVE-2020-11763 vulnerability affecting versions before 2.4.1 due to an std::vector out-of-bounds read and write, demonstrated in ImfTileOffsets.cpp. Amazon Linux 2 and Red Hat advisories confirm the issue and list related OpenEXR problems (11761, 11763, 11764). The fixed version is ...

5.5CVSS5.5AI score0.01793EPSS
CVE
CVE
added 2020/10/27 7:53 p.m.293 views

CVE-2019-8835

CVE-2019-8835 involves multiple memory corruption issues in WebKit components. The public description states exploitation could occur by processing malicious web content, with fixed versions including tvOS 13.3, iOS 13.3 and iPadOS 13.3, Safari 13.0.4, iTunes 12.10.3 for Windows, iCloud for Windo...

9.3CVSS8.6AI score0.02018EPSS
CVE
CVE
added 2019/12/18 5:33 p.m.291 views

CVE-2019-8811

CVE-2019-8811 is a memory corruption vulnerability in WebKit that affected WebKit components used by Apple and related Windows apps (e.g., iCloud for Windows) and could be triggered by processing malicious web content to achieve arbitrary code execution. The vulnerability is addressed in the Appl...

8.8CVSS8.6AI score0.01997EPSS
CVE
CVE
added 2020/06/09 4:8 p.m.290 views

CVE-2020-9807

CVE-2020-9807 is a memory corruption issue in WebKit components that can occur when processing maliciously crafted web content, potentially enabling arbitrary code execution. The vulnerability affects WebKitGTK and related WebKit builds prior to the fixed version, with upstream fix in WebKit 2.28...

8.8CVSS9.1AI score0.01802EPSS
CVE
CVE
added 2019/12/18 5:33 p.m.289 views

CVE-2019-8782

CVE-2019-8782 is a WebKit-related memory corruption issue addressed by Apple in iOS 13.2, iPadOS 13.2, tvOS 13.2, Safari 13.0.3, iTunes for Windows 12.10.2, and iCloud for Windows 11.0. The advisory notes multiple memory corruption vulnerabilities fixed across WebKit with improved memory handling...

8.8CVSS8.6AI score0.0186EPSS
CVE
CVE
added 2019/12/18 5:33 p.m.287 views

CVE-2019-8671

CVE-2019-8671 is a WebKit memory-corruption issue reported by Apple and addressed in iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows 12.9.6, and iCloud for Windows 7.13/10.6. The advisory indicates that processing malicious web content may lead to arbitrary code execu...

8.8CVSS8.5AI score0.07714EPSS
CVE
CVE
added 2019/12/18 5:33 p.m.286 views

CVE-2019-8625

CVE-2019-8625 is a logic issue in WebKitGTK/WebKit related to state management. It is fixed in tvOS 13, iTunes for Windows 12.10.1, iCloud for Windows 10.7, and iCloud for Windows 7.14, and is associated with universal cross-site scripting when processing crafted web content. Connected advisories...

6.1CVSS6.3AI score0.0122EPSS
CVE
CVE
added 2019/12/18 5:33 p.m.285 views

CVE-2019-8672

CVE-2019-8672 is a WebKit memory-corruption vulnerability affecting Apple platforms. Apple’s HT210346 notes fixes in iOS 12.4, macOS 10.14.6, tvOS 12.4, watchOS 5.3, Safari 12.1.2, and related Apple software (iTunes/iCloud for Windows). Description: memory corruption issues addressed with improve...

9.3CVSS8.6AI score0.11024EPSS
CVE
CVE
added 2020/04/14 10:42 p.m.285 views

CVE-2020-11761

CVE-2020-11761 involves an out-of-bounds read during Huffman uncompression in OpenEXR before 2.4.1 (CVE-2020-11761). Amazon Linux 2 advisory ALAS2-2020-1499 documents OpenEXR issues including CVE-2020-11761 and notes the fix in OpenEXR 1.7.1 packages for AL2 and provides upgrade guidance. Red Hat...

5.5CVSS5.5AI score0.01785EPSS
CVE
CVE
added 2020/04/14 10:41 p.m.285 views

CVE-2020-11764

OpenEXR before 2.4.1 contains an out-of-bounds write in copyIntoFrameBuffer (ImfMisc.cpp), CVE-2020-11764. Amazon Linux 2 ALAS2-2020-1499 confirms the OpenEXR fix and provides updated packages; Red Hat/CentOS advisories (RHSA-2020:4039) also address CVE-2020-11764 among related OpenEXR issues. Re...

5.5CVSS5.6AI score0.01785EPSS
CVE
CVE
added 2019/12/18 5:33 p.m.283 views

CVE-2019-8676

CVE-2019-8676 is a WebKit-related vulnerability described as multiple memory corruption issues that could allow arbitrary code execution when processing malicious web content. The referenced advisories indicate fixes in: iOS 12.4, macOS Mojave 10.14.6, tvOS 12.4, Safari 12.1.2, iTunes for Windows...

9.3CVSS8.6AI score0.02482EPSS
Total number of security vulnerabilities449